AIVory Cursor Extension
The AIVory extension brings real-time compliance and security scanning directly into Cursor, the AI-first code editor. Get instant feedback on compliance violations as you code, with seamless integration into Cursor’s AI features.
- Real-time scanning as you write code with inline warnings and quick fixes
- AI code detection for Composer, Tab, and Chat-generated code
- 18+ compliance standards including OWASP Top 10, GDPR, HIPAA, PCI-DSS
- Zero configuration with intelligent defaults and free tier available
- Cursor Rules integration for automated compliance workflows
Why AIVory for Cursor?
Cursor is built for AI-powered development, and AIVory ensures every line of AI-generated code meets compliance standards.
Installation
Step 1: Install from Cursor Marketplace
- Open Cursor
- Go to Extensions (
Ctrl+Shift+XorCmd+Shift+X) - Search for “AIVory”
- Click Install
Step 2: Configure API Token
- Open Cursor Settings (
Ctrl+,orCmd+,) - Search for “AIVory”
- Enter your API Token from app.aivory.net/tokens
Step 3: Start Coding
That’s it! AIVory will now scan your code in real-time as you type.
Cursor-Specific Features
Composer Integration
AIVory integrates seamlessly with Cursor Composer, scanning multi-file code changes before they’re applied:
- Use Composer to generate multi-file changes
- AIVory scans all modified files automatically
- Review compliance warnings before accepting changes
- Fix violations with Composer’s help
- Re-scan to verify compliance
.cursorrules - see the Cursor Rules Integration section below.
Tab Autocomplete Integration
AIVory validates Cursor Tab suggestions in real-time:
- Scans autocomplete suggestions before they appear
- Shows compliance warnings for problematic suggestions
- Suggests compliant alternatives
- Works with single-line and multi-line completions
Chat Integration
Use AIVory with Cursor’s AI Chat for compliance-aware code generation:
You: Write a user authentication function with JWT
Cursor AI: [generates code]
AIVory: [scans automatically and shows inline warnings]
You: Fix the compliance violations
Cursor AI: [generates compliant version]
AIVory: All checks passed!
Command Palette Commands
Access AIVory features via Cursor’s Command Palette (Ctrl+Shift+P or Cmd+Shift+P):
| Command | Description |
|---|---|
| AIVory: Scan Current File | Manually trigger scan |
| AIVory: Scan Workspace | Scan all files in workspace |
| AIVory: View Scan Results | Open violations panel |
| AIVory: Configure Settings | Quick access to settings |
| AIVory: Show Documentation | Open docs |
Key Features
Real-Time Compliance Scanning
AIVory continuously monitors your code as you type:
Multi-Language Support
AIVory supports 70+ languages including JavaScript, TypeScript, Python, Java, Kotlin, Go, PHP, C#, C++, Ruby, Rust, Swift, and many more.
AI Code Detection
AIVory automatically detects AI-generated code:
- Identifies code from Cursor Composer
- Tracks Tab autocomplete insertions
- Monitors chat-generated code blocks
- Flags AI code for extra scrutiny
- Maintains audit trail of AI contributions
Compliance Standards
Scan against 18+ compliance standards including OWASP Top 10, GDPR, HIPAA, PCI-DSS, SOC 2, ISO 27001, NIST, CIS Controls, CCPA, and more.
Configuration
Extension Settings
Configure AIVory in Cursor Settings (Ctrl+, or Cmd+,):
Basic Settings
{
"aivory.apiToken": "your_api_token_here",
"aivory.autoScan": true,
"aivory.scanOnSave": true,
"aivory.scanOnPaste": true
}
Compliance Standards
{
"aivory.standards": [
"OWASP",
"GDPR",
"HIPAA",
"PCI-DSS",
"SOC2"
]
}
Scan Sensitivity
{
"aivory.severity": "medium", // low, medium, high, critical
"aivory.showInfoLevel": false,
"aivory.showWarningLevel": true,
"aivory.showErrorLevel": true
}
AI Code Settings
{
"aivory.detectAICode": true,
"aivory.requireAIScanApproval": true,
"aivory.highlightAICode": true
}
Project-Level Configuration
Create .aivoryrc in your project root:
{
"standards": ["OWASP", "GDPR"],
"severity": "high",
"excludePatterns": [
"node_modules/**",
"dist/**",
"build/**",
"*.test.js"
],
"includePatterns": [
"src/**/*.js",
"src/**/*.ts"
]
}
Workspace Settings
Configure per-workspace in .vscode/settings.json:
{
"aivory.enabled": true,
"aivory.standards": ["OWASP", "HIPAA"],
"aivory.severity": "high"
}
Cursor Rules Integration
Create or edit .cursorrules in your project root to enforce compliance workflows:
Complete .cursorrules Example
# AIVory Compliance Rules
## Code Generation
When writing or modifying code:
1. Write the code as requested
2. Wait for AIVory extension to scan automatically
3. Review inline compliance warnings
4. Fix all violations before proceeding
5. Re-scan to verify compliance
## Composer Workflow
When using Composer for multi-file changes:
1. Review Composer's proposed changes
2. Wait for AIVory to scan all affected files
3. Check for compliance violations in each file
4. Fix violations using Composer
5. Only accept changes when AIVory shows no violations
## Chat Workflow
When generating code via chat:
1. Generate the requested code
2. AIVory scans automatically
3. If violations found, ask AI to fix them
4. Continue until no violations remain
5. Only then mark task complete
## Never Skip
- Never ignore AIVory warnings
- Never disable AIVory for convenience
- Never commit code with unresolved violations
- Always verify fixes with re-scan
Workflow Examples
Example 1: Writing Secure Authentication
You: Create a user login endpoint with password hashing
Cursor Composer:
- Creates login.js
- Adds password hashing with bcrypt
- Implements JWT tokens
AIVory scans and finds:
Warning: Missing rate limiting (OWASP)
Warning: No password complexity requirements (OWASP)
Warning: JWT secret not validated (OWASP)
You: Fix these OWASP violations
Cursor Composer:
- Adds express-rate-limit
- Implements password policy
- Validates JWT configuration
AIVory re-scans:
Success: All OWASP checks passed
Success: Code is compliant
You: Accept changes
Example 2: GDPR-Compliant Data Handler
You: Write a user data handler for storing customer information
Cursor generates code...
AIVory scans and finds:
Warning: Missing data retention policy (GDPR)
Warning: No consent tracking (GDPR)
Warning: Personal data not encrypted at rest (GDPR)
You: Make this GDPR compliant
Cursor fixes violations...
AIVory re-scans:
Success: All GDPR checks passed
Example 3: Batch Scanning Workspace
Command Palette -> AIVory: Scan Workspace
AIVory scans all files and reports:
- 142 files scanned
- 12 violations found
- 3 critical, 5 high, 4 medium
Click "View Results" to see violation list
Fix violations file by file
Use "Scan Workspace" again to verify
Troubleshooting
Extension Not Scanning
Problem: AIVory doesn’t scan files automatically
Solutions:
- Check extension is enabled: Extensions -> AIVory -> Enabled
- Verify API token in settings:
aivory.apiToken - Check file type is supported:
.js,.py,.java, etc. - Restart Cursor: Close and reopen
Inline Warnings Not Showing
Problem: No squiggly lines appear for violations
Solutions:
- Check severity settings:
aivory.severity - Enable warning level:
aivory.showWarningLevel: true - Verify language support: Not all languages show inline warnings yet
- Check Problems panel:
View -> Problems
Composer Not Scanning
Problem: Composer changes don’t trigger AIVory scan
Solutions:
- Enable auto-scan:
aivory.autoScan: true - Scan on save: Save files after Composer applies changes
- Manual scan: Use Command Palette -> AIVory: Scan Current File
- Check
.cursorrules: Ensure rules are configured
API Token Invalid
Problem: “Invalid API token” error
Solutions:
- Generate new token: app.aivory.net/tokens
- Copy token exactly (no extra spaces)
- Update settings:
aivory.apiToken - Restart Cursor
Rate Limits (Free Tier)
Problem: “Rate limit exceeded” error
Solutions:
- Free tier limits: 3 scans/day, 15 files/scan
- Upgrade to full access: app.aivory.net/register/plans
- Scan selectively: Disable auto-scan, scan manually
- Use project config: Add
excludePatternsto skip test files
Dashboard Integration
View detailed metrics at app.aivory.net:
See Dashboard Documentation for details.